Red Hat Bugzilla – Bug 240396
CVE-2007-2654: xfsdump file permissions issue
Last modified: 2007-11-30 17:12:04 EST
"xfs_fsr in xfsdump creates a temporary directory with insecure permissions,
which allows local users to read or overwrite arbitrary files on xfs filesystems."
Patch from SUSE update attached.
Created attachment 154896 [details]
Patch from SUSE update
Sorry didn't see this.
I'll get this pulled in soon.
This is fixed in most recent xfsprogs 2.2.45, as of a couple months ago:
I've got most recent xfsprogs in F8test and F7 updates-testing; I'll try to get
it pushed to F6 as well.
xfsdump-2.2.42-2.fc6 is now available in Fedora 6 Extras, and it resolves this